Grafana - How to stop open redirection

Hi,
I am using Grafana 4.6.3 and Nginx 1.14.x as a reverse proxy.

I am testing Grafana for a client-side URL redirection attack and it seems that Grafana is allowing open redirection.

I want to know how to configure Grafana/Nginx to prevent that.

Regards

Nitendra

https://www.owasp.org/index.php/Testing_for_Client_Side_URL_Redirect_(OTG-CLIENT-004)
This vulnerability occurs when an application accepts untrusted input that contains an URL value without sanitizing it. This URL value could cause the web application to redirect the user to another page as, for example, a malicious page controlled by the attacker.

Could you provide an example of how you can use client redirection in your Grafana setup?

Say you have a URL for a particular dashboard which you have saved as a link, then log out and close the browser session.
When you open a new browser session and call this dashboard URL, Grafana redirects to the login page; while doing that, the cookie section has a redirect_to flag pointing to the requested dashboard.

We can use a browser interceptor to capture the login process and modify the URL in the redirect_to flag (pointing it to another, third-party URL); Grafana does the authentication, and after that the user is redirected to the third-party URL which we provided in the redirect_to flag.

You can use enforce_domain and/or secure cookies.

Marcus

We tried secure cookies; it didn't work. We will try enforce_domain.
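
The flow described in the thread (a redirect_to value that the client controls and the server honours after login) is closed by validating the redirect target on the server, not by cookie settings: the Secure flag and domain enforcement govern how the cookie travels and which Host header is accepted, but neither inspects what redirect_to contains. The Go below is an added example, not Grafana's or Nginx's own code. The names SafeRedirectTarget, DefaultLanding, loginHandler and LocationFor are assumptions for this example, the cookie name redirect_to is taken from the post above, and the handler does no real authentication. It accepts only a local absolute path (optionally with a query string) and sends everything else to "/", covering the protocol-relative "//host", backslash and percent-encoded variants that naive prefix checks miss.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// DefaultLanding is where a user goes after login when the requested
// target cannot be trusted. The name is an assumption for this example.
const DefaultLanding = "/"

// SafeRedirectTarget reduces an attacker-influenced value (the redirect_to
// cookie from the thread) to a same-origin, path-only target. It returns the
// sanitized target and true, or DefaultLanding and false when the value is
// rejected. Only a local absolute path is accepted: no scheme, no host, no
// protocol-relative "//host", no backslashes, no control characters.
func SafeRedirectTarget(raw string) (string, bool) {
	if raw == "" {
		return DefaultLanding, false
	}
	for i := 0; i < len(raw); i++ {
		if raw[i] < 0x20 || raw[i] == 0x7f { // CR/LF etc. could split headers
			return DefaultLanding, false
		}
	}
	// Browsers treat "\" like "/" in the authority position, so "/\evil.example"
	// reads as "//evil.example" to them. Refuse backslashes outright.
	if strings.Contains(raw, "\\") {
		return DefaultLanding, false
	}
	u, err := url.Parse(raw)
	if err != nil {
		return DefaultLanding, false
	}
	// Anything naming a scheme, host or user info is an off-site target.
	if u.Scheme != "" || u.Host != "" || u.User != nil || u.Opaque != "" {
		return DefaultLanding, false
	}
	// Must be an absolute local path. u.Path is percent-decoded, so
	// "/%2F%2Fevil.example" shows up here as "///evil.example" and is caught.
	if !strings.HasPrefix(u.Path, "/") || strings.HasPrefix(u.Path, "//") {
		return DefaultLanding, false
	}
	target := u.EscapedPath()
	if u.RawQuery != "" {
		target += "?" + u.RawQuery
	}
	return target, true // fragment dropped: it never reaches the server anyway
}

// loginHandler stands in for the post-authentication step: once credentials
// are accepted, send the user to the sanitized target rather than to
// whatever the cookie said. Authentication itself is omitted (assumption).
func loginHandler(w http.ResponseWriter, r *http.Request) {
	raw := ""
	if c, err := r.Cookie("redirect_to"); err == nil {
		raw = c.Value
	}
	target, _ := SafeRedirectTarget(raw)
	// The cookie is one-shot: clear it whether or not it was honoured.
	http.SetCookie(w, &http.Cookie{Name: "redirect_to", Value: "", Path: "/", MaxAge: -1, HttpOnly: true})
	http.Redirect(w, r, target, http.StatusFound)
}

// LocationFor runs loginHandler with the given redirect_to cookie value and
// returns the Location header it produced, so the behaviour can be checked
// without a listening server.
func LocationFor(cookieValue string) string {
	req := httptest.NewRequest(http.MethodPost, "/login", nil)
	req.AddCookie(&http.Cookie{Name: "redirect_to", Value: cookieValue})
	rec := httptest.NewRecorder()
	loginHandler(rec, req)
	return rec.Header().Get("Location")
}

func main() {
	// Constructed sample values: one legitimate dashboard link and the
	// off-site variants an interceptor would try.
	samples := []string{
		"/dashboard/db/foo?orgId=1",
		"https://evil.example/",
		"//evil.example/",
		`/\evil.example`,
		"/%2F%2Fevil.example",
		"javascript:alert(1)",
		"dashboard",
		"",
	}
	for _, v := range samples {
		target, ok := SafeRedirectTarget(v)
		fmt.Printf("%-28q -> %q (accepted=%v)\n", v, target, ok)
	}
	fmt.Println("Location after login with cookie //evil.example/:", LocationFor("//evil.example/"))
}
```

The same check applies if redirect_to arrives as a query parameter instead of a cookie; the point is that the target is reduced to a path on the Grafana origin before http.Redirect ever sees it, so a reverse proxy in front does not need to understand the login flow to be safe.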